|
198621
|
7.2 |
HIGH
Network
|
artica
|
pandora_fms
|
Artica Pandora FMS through 7.42 is vulnerable to remote PHP code execution because of an Unrestricted Upload Of A File With A Dangerous Type issue in the File Manager. An attacker can create a (or us…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-7935
|
2024-11-21 14:38 |
2020-03-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198622
|
5.3 |
MEDIUM
Network
|
artica
|
pandora_fms
|
In Artica Pandora FMS through 7.42, an unauthenticated attacker can read the chat history. The file is in JSON format and it contains user names, user IDs, private messages, and timestamps.
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2020-8497
|
2024-11-21 14:38 |
2020-03-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198623
|
6.7 |
MEDIUM
Local
|
nextcloud
|
desktop
|
A code injection in Nextcloud Desktop Client 2.6.2 for macOS allowed to load arbitrary code when starting the client with DYLD_INSERT_LIBRARIES set in the environment.
|
CWE-94
Code Injection
|
CVE-2020-8140
|
2024-11-21 14:38 |
2020-03-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198624
|
6.5 |
MEDIUM
Network
|
nextcloud
fedoraproject
|
nextcloud_server
fedora
|
A missing access control check in Nextcloud Server < 18.0.1, < 17.0.4, and < 16.0.9 causes hide-download shares to be downloadable when appending /download to the URL.
|
CWE-862
Missing Authorization
|
CVE-2020-8139
|
2024-11-21 14:38 |
2020-03-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198625
|
6.5 |
MEDIUM
Network
|
nextcloud
|
nextcloud_server
|
A missing check for IPv4 nested inside IPv6 in Nextcloud server < 17.0.1, < 16.0.7, and < 15.0.14 allowed a Server-Side Request Forgery (SSRF) vulnerability when subscribing to a malicious calendar U…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2020-8138
|
2024-11-21 14:38 |
2020-03-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198626
|
9.8 |
CRITICAL
Network
|
blamer_project
|
blamer
|
Code injection vulnerability in blamer 1.0.0 and earlier may result in remote code execution when the input can be controlled by an attacker.
|
CWE-94
Code Injection
|
CVE-2020-8137
|
2024-11-21 14:38 |
2020-03-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198627
|
7.5 |
HIGH
Network
|
fastify
|
fastify-multipart
|
Prototype pollution vulnerability in fastify-multipart < 1.0.5 allows an attacker to crash fastify applications parsing multipart requests by sending a specially crafted request.
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2020-8136
|
2024-11-21 14:38 |
2020-03-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198628
|
9.8 |
CRITICAL
Network
|
uppy
|
uppy
|
The uppy npm package < 1.9.3 is vulnerable to a Server-Side Request Forgery (SSRF) vulnerability, which allows an attacker to scan local or external network or otherwise interact with internal system…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2020-8135
|
2024-11-21 14:38 |
2020-03-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198629
|
8.1 |
HIGH
Network
|
ghost
|
ghost
|
Server-side request forgery (SSRF) vulnerability in Ghost CMS < 3.10.0 allows an attacker to scan local or external network or otherwise interact with internal systems.
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2020-8134
|
2024-11-21 14:38 |
2020-03-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198630
|
9.8 |
CRITICAL
Network
|
liferay
|
liferay_portal
|
Deserialization of Untrusted Data in Liferay Portal prior to 7.2.1 CE GA2 allows remote attackers to execute arbitrary code via JSON web services (JSONWS).
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2020-7961
|
2024-11-21 14:38 |
2020-03-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
